Posted to users@cocoon.apache.org by Gerry Kaplan <gk...@kaplansoftware.com> on 2005/11/07 04:17:30 UTC

Authentication question

My application requires an additional step for authentication. First, the
user id and password must be validated as usual. I have this part working
just fine. Once the user is authenticated, an additional check needs to be
made to determine whether the user's account status is "active". If the user
is "suspended" (possibly due to a declined credit card transaction), then I
want the user to be redirected to a page which tells them to contact
customer support -- they should not be allowed to be authenticated.

What is the best way to handle this?

Here's a simple flow for what I need:

User fills in the login page.
If userid/pwd correct
   if account status is "OK"
      redirect to user's home page
   else
      invalidate the user's session
      redirect to "contact us" page
   end-if
Else
   redirect to "incorrect pwd, try again" page.
End-if

Certainly this is a common scenario. I read through the Authentication
framework and understand the basic authentication (which is working fine),
but I don't understand what the additional configuration options give me
(there are no examples of how to use them).

Help please?

Gerry
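
The flow described in the post, as an added example in plain Node.js; it is not part of the original post and does not use Cocoon's authentication framework API. The sample accounts, the redirect paths and the `login` and `passwordMatches` helpers are hypothetical, and the example goes one step beyond the post's flow by issuing a fresh session id on success instead of reusing the pre-login one.

```javascript
const crypto = require('crypto');

// Constructed sample accounts; a real application would read these from its user store.
function makeUser(id, password, status) {
  const salt = crypto.randomBytes(16);
  return { id, salt, hash: crypto.scryptSync(password, salt, 32), status };
}
const USERS = new Map([
  ['alice', makeUser('alice', 'correct horse', 'OK')],
  ['bob', makeUser('bob', 'battery staple', 'suspended')],
]);
// Dummy record so an unknown user id costs the same scrypt work as a known one.
const DUMMY = makeUser('', crypto.randomBytes(8).toString('hex'), 'none');

function passwordMatches(user, password) {
  const candidate = crypto.scryptSync(password, user.salt, 32);
  return crypto.timingSafeEqual(candidate, user.hash);
}

// sessions: Map of session id -> session data (stand-in for the container's store).
// preAuthId: id of any session that existed before login, or null.
// Returns { redirect, sessionId }; sessionId is non-null only when the
// password is correct AND the account status is "OK".
function login(sessions, userId, password, preAuthId) {
  const user = USERS.get(userId);
  const ok = passwordMatches(user || DUMMY, String(password));
  if (!user || !ok) {
    // Same answer for unknown user and wrong password.
    return { redirect: '/login-failed', sessionId: null };
  }
  // Credentials verified: the pre-login session is invalidated on both paths.
  sessions.delete(preAuthId);
  if (user.status !== 'OK') {
    // Status is revealed only after the password check passed, and no
    // authenticated session is ever created for a suspended account.
    return { redirect: '/contact-us', sessionId: null };
  }
  const sessionId = crypto.randomBytes(32).toString('hex');
  sessions.set(sessionId, { userId: user.id });
  return { redirect: '/home', sessionId };
}
```

Checking the status before the authenticated session is created means the suspended branch never has an authenticated session to clean up; only the pre-login session is discarded.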